Open-source intelligenceon your digital footprint.
Clearfront scans every public data source, maps how the evidence connects,
and an AI security analyst tells you what your exposure means.
git clone https://github.com/scottmartinanderson/clearfront.git


Give Clearfront an email, username, phone number, domain, or IP. In one sweep it scans every public data source, connects what it finds, and an AI security analyst compiles it into a report with the source, confidence, and severity on every line.
Check your own exposure, or run an authorized investigation.
- REPLAsk it to check an email, a username, or a domain; it runs the tools, follows the leads, and writes the report.
- CLIScriptable one-shot lookups for quick checks and automation.
- WebA browser console with the full chat UI and the live evidence graph.
- MCPPlug Clearfront into Claude Code or Claude Desktop as a tool server.
Hand the AI security analyst a target, or call any tool yourself from the shell.
clearfront # start the interactive AI security analystclearfront email jane@example.com # or run one-shot lookupsclearfront username johndoe99clearfront ip 8.8.8.8clearfront web # or open the browser console
Or run it as an MCP server inside Claude Code or Claude Desktop.
{"mcpServers": {"clearfront": {"command": "clearfront-mcp"}}}
All 30 tools run in a single sweep. Each returns a real result the AI security analyst can verify, grouped here by discipline.
- search_usernameReused handles across 3,400+ sites
- search_maigretDeep profile details from matched accounts
- search_footprintPublic search-engine footprint for a target
- search_githubPublic repos, commits, and leaked keys
- search_gravatarAvatars and profiles from an email hash
- search_emailWhich sites an email is registered on
- search_emailrepReputation, deliverability, and risk flags
- search_breachAppearances in known data breaches
- search_hudsonrockExposure in infostealer-malware logs
- search_pasteLeaked data in public paste dumps
- search_cryptoOn-chain balance and activity for a wallet
- search_domainSubdomains of a target domain
- search_whoisRegistrant, registrar, and key dates
- search_dnsDNS records and mail-security config
- search_crtSubdomains from certificate transparency
- search_waybackHistorical and deleted pages from the archive
- search_harvesterEmails and hosts for a domain
- search_ipGeolocation, ASN, and host details
- search_exposureReverse DNS, blocklists, and VPN/proxy risk
- search_shodanInternet-exposed devices and services
- search_censysHosts, certificates, and exposed services
- search_ip2locationGeolocation and VPN/proxy detection
- search_abuseipdbAbuse reports and blocklist status
- search_greynoiseMass-scanner noise vs. targeted actor
- search_virustotalMalware and reputation verdicts
- search_phoneCarrier, country, and line type
- search_exifGPS and metadata hidden in photos
- generate_dorksTargeted Google dork queries
- search_dorks_liveRuns the dorks and returns live hits
- scrape_urlPulls and parses any page for the AI security analyst
Clearfront maps your whole digital footprint into a graph you can explore. Every account, breach, and domain becomes a point on a force-directed graph, and every shared email, reused username, or repeated IP becomes a link between them.
The algorithm clusters related data points, so a scattered digital footprint settles into a clear, connected picture where you can see where the real risk sits. Click any node to ask the AI security analyst to dig deeper, and the evidence graph grows with every new connection it finds.
Not a list of links. A structured intelligence report. Calibrated confidence, severity, and source reliability on every finding.
The email j.reyes@example.com very likely belongs to a single individual, Jordan E. Reyes, with a footprint spanning ten familiar platform accounts, two personal domains, one active company, and two dissolved companies. Credentials tied to the subject appear in infostealer logs and three known breaches, and a home address and phone are indexed on four data-broker sites.
Confidence: high, based on seven URL-verified accounts and two live breach-database hits. The company links are moderate confidence, drawn from indexed registry records rather than live results.
Clearfront runs entirely on your own machine, with your own API keys. Your targets, your findings, and everything it collects stay on your device. We never see or store your data.
Clone it, install it, set an API key, and run. Free and open source, nothing to sign up for.
git clone https://github.com/scottmartinanderson/clearfront.gitcd clearfrontpip install -e .export ANTHROPIC_API_KEY=sk-ant-...clearfront # interactive REPLclearfront web # browser console
Runs on macOS, Linux, and Windows with Python 3.10 or newer.
Works with Claude, OpenAI, or a fully local model through Ollama. Set the key for whichever you use, or run entirely on Ollama with no key at all.
A few collection tools use external binaries. Install holehe, sherlock, maigret, sublist3r, phoneinfoga, and exiftool to enable them.
Extra API keys (Shodan, HIBP, VirusTotal, and others) are optional and unlock more sources.
- Open sourceSelf-hosted · free foreverRecommended
Your digital footprint is public. Map every trace of it.
- -30 OSINT tools + AI security analyst
- -Algorithm-linked 3D evidence graph
- -100% local, we never see your data
Install ↓No sign-up required.
- CloudHosted · pre-launch
Your exposure, instantly, in the browser.
- -Hosted, nothing to install
- -Managed keys, or bring your own
- -Your digital footprint exposure at a glance
Join the waitlist → - OperatorManaged · by request
OSINT built into your stack, done for you.
- -Integrated with your SOC, threat-intel, or AI stack
- -Keys and custom workflows configured
- -Ongoing threat monitoring and support
Get in touch →
Clearfront is released under the MIT license. Use it, change it, build on it, and ship it in commercial or closed-source work. No fee, no sign-up, free for any use.
Read the full license.
Clearfront is intended for authorized use only: security research, penetration testing, law enforcement, intelligence agencies and investigative journalism. It operates on public data alone and performs no intrusive probing.
Users are solely responsible for compliance with all applicable law, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Computer Fraud and Abuse Act (CFAA).
- Checking your own footprint
- Penetration testing you are cleared to run
- Journalism in the public interest
- Law enforcement acting on a legal basis
- Stalking, harassment, or intimidation
- Doxxing or exposing someone else
- Surveillance without consent or authority
- Fraud or impersonation
Full terms are in the disclaimer.
Scrub your digital footprint off the internet.
Your personal data is still public. Claude can find it and complete the removals for you, on autopilot for free.
No spam, unsubscribe anytime.